Problems receiving email from certain websites

[Ravendas]

I have some clients that are having issues receiving email from specific websites, specifically Amazon and mirra.com. I've looked through the logs and can't even find an attempt at delivery, much less an error of any kind. Has anyone run into this issue before, and what else can I do to solve it?

Is there any additional info I can supply that might help?

Some basic info to get started:
Exim 4.5 running spamblocker file from DA
No SA on the affected domain

 

[nobaloney]

If you don't see any attempts to addresses on your server from these websites then your server isn't even getting as far as opening a dialogue with them.

However it's important to note that websites don't send email, email servers do. So the first step is to get email from the same addresses somewhere it does work, and look in the headers of that email to see the names of the connecting servers.

Then you can start by whitelisting those severs in /etc/virtual/whitelist_hosts, to see if that helps.

Note that for SpamBlocker whitelisting to work successfully you must be updated to SpamBlocker 2.

Jeff

 

[Ravendas]

I understand that the email servers are sending the email. Perhaps I should have said domains.

I have a successful email sent to a gmail account. Which headers should I be looking for? The Received: header? The put that server in whitelist_hosts? I had them in whitelist_domains. Can I use wildcards in whitelist_hosts?

I have updated to Spamblocker2.

 

[nobaloney]

Now you've got me lost.

Are you having problems sending to gmail or getting email from gmail?

If you're having problems getting email from gmail then an email sent successfully to email isn't going to tell you anything useful.

If you're not getting email FROM gmail servers you need a list of the gmail servers (or of the IP#s of gmail servers) to put into /etc/virtual/whitelist_hosts.

If you're not getting email from people using gmail return addresses then you should put a list of their complete addresses in /etc/virtual/whitelist_senders.

To get email from everyone using a gmail domain (even forged) put gmail.com in /etc/virtual/whitelist_domains.

Given a choice, the best way is to put the list of gmail servers, either by IP# or by hostname.

You can get a list of the IP#s of gmail.com's authorized hosts by getting their spf record:

dig gmail.com txt

The above returns:

gmail.com.              87      IN      TXT     "v=spf1 ip4:216.239.56.0/23 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ?all"

which tells you all the IP#s to put into /etc/virtual/whitelist_hosts.

That should whitelist all email from gmail's hosts.

Now to answer your other questions: you cannot use whildcards in the whitelists and blacklists .

And if you updated to SpamBlocker2 yourself, you should make sure did everything in the README file, displayed
here.

Jeff

 

[Ravendas]

OK, I may have confused you a bit. I'll focus on one domain: amazon.com. I cannot receive certain emails from amazon.com. I've looked at the headers of an email sent from amazon.com to a gmail account, and put the amazon.com smtp server's information into whitelist_hosts. I have no problems receiving email from gmail.com users. In fact, amazon.com is the only domain I can't get some emails from. I say some, because I can get alerts from amazon, but I can't get confirmation emails or order status emails. I assume they are on different systems.

I applied Spamblocker2 step-by-step and rechecked everything twice after I was done. Since I'm not having problems from any other domain, I'm assuming the spamblocker file is fine.

In my exim logs, I can't even see that the amazon email server attempted to deliver any messages. If there was a failure on my end, I would think I would have a error, reject or something in the logs. Is that true? Here's an example that worked:

[root@***** exim]# tail --lines=8000 mainlog | grep 'amazon'
2006-04-08 11:23:59 1FSGEB-0005fn-Ja <= [email][email protected][/email] H=smtp-out-2002.amazon.com [207.171.160.38] P=esmtp S=2349 [email protected] T="Your Amazon.com Alerts Subscription" from <[email protected]> for amazon@**************.com
2006-04-08 11:24:03 1FSGEB-0005fr-Q9 <= [email][email protected][/email] U=mail P=spam-scanned S=2708 [email protected] T="Your Amazon.com Alerts Subscription" from <[email protected]> for amazon@***************.com
2006-04-08 11:24:03 1FSGEB-0005fr-Q9 => twisted <amazon@*************.com> F=<[email protected]> R=localuser T=local_delivery S=2875
2006-04-08 11:24:03 1FSGEB-0005fn-Ja => amazon <amazon@*************.com> F=<[email protected]> R=spamcheck_director T=spamcheck S=2623

That looks normal right?

In whitelist_domains:
amazon.com

In whitelist_hosts:
mail-store-1002.amazon.com
smtp-out-2101.amazon.com
smtp-out-1101.amazon.com
smtp-out-0101.amazon.com
207.171.180.182
207.171.164.44
207.171.164.43

Not sure how to proceed from here. I've contacted amazon, but haven't heard anything back.

Thanks for your help!

 

[nobaloney]

I've looked at the headers of an email sent from amazon.com to a gmail account, and put the amazon.com smtp server's information into whitelist_hosts.

You haven't listed all their hosts. Their spf record shows:

207.171.160.32
207.171.180.176
207.171.164.32
207.171.190.0
87.238.80.24
87.238.84.24

as their IP#s for sending email.
And you need to put all of them into whitelist_hosts.

I applied Spamblocker2 step-by-step and rechecked everything twice after I was done. Since I'm not having problems from any other domain, I'm assuming the spamblocker file is fine.

I'm presuming this means you've read the README. If not, please read it to make sure you've done everything, including restarting exim.

In my exim logs, I can't even see that the amazon email server attempted to deliver any messages. If there was a failure on my end, I would think I would have a error, reject or something in the logs. Is that true?

If exim rejects your email for any reason it puts a record into /var/log/exim/rejectlog. If there are no records there then Amazon isn't even connecting.

Not sure how to proceed from here.

I couldn't begin to tell you . Only Amazon can tell you what's in their logs. Note that many of us get our emails from Amazon without a problem.

I've contacted amazon, but haven't heard anything back.

I'm presuming you've given them your gmail address for writing back? Otherwise they may be trying to reach you.

Jeff

 

[Ravendas]

I'm presuming you've given them your gmail address for writing back? Otherwise they may be trying to reach you.

Well, I did forget to send the amazon request through my gmail account, so that could explain the lack of response. I've resent with my gmail account.

as their IP#s for sending email.
And you need to put all of them into whitelist_hosts.

I've added the hosts you mentioned to the ones in the file. Didn't seem to make a difference.

I'm presuming this means you've read the README. If not, please read it to make sure you've done everything, including restarting exim.

Yes, read the readme, followed directions, restarted exim, went through twice more to make sure I didn't miss anything. The fact I'm getting email from other places just fine leads me to believe there's nothing wrong with the setup.

If exim rejects your email for any reason it puts a record into /var/log/exim/rejectlog. If there are no records there then Amazon isn't even connecting.

The only thing in the rejectlog from amazon is this:

2006-04-09 20:09:18 H=c-68-44-2-91.hsd1.nj.comcast.net (amazon.com.br) [68.44.2.91] F=<[email protected]> rejected RCPT <burns@*******.com>: Email blocked by CBL - to unblock see [url]http://www.**********com/blocked.html[/url]

and it's definatly a spam, as that user doesn't exist. There is another older message like this:

rejectlog.1:2006-04-06 05:19:25 H=e105116.upc-e.chello.nl [213.93.105.116] F=<[email protected]> rejected RCPT <curren@*********.com>:

which is also a bad user. Nothing in reject that looks remotely legit.

Just to throw gas on the fire, I signed up for a google group (one customer mentioned problems with google groups). I can receive the welcome email, the account verification email and even the "we've had problems delivering email" email, but not any actual email from the group. Weird huh?

 

[Ravendas]

I got the fail from google:

PERM_FAILURE: SMTP Error (state 8): 553 Requested action not taken: mailbox name not allowed

Does that mean the account doesn't exist?

 

[nobaloney]

[Does that mean the account doesn't exist?

Was that an error returning an email you sent? It appears the email name doesn't exist.

We started about a week ago to not get emails from Yahoo groups. I have no idea why. Like you, we can get other mail from Yahoo, but not mail from the group we're subscribed to. It doesn't even appear to hit the server.

I don't believe it's a DA-specific issue.

And of course Yahoo doesn't care enough to reply even though I've written them from an address not on the server.

Jeff

 

[Ravendas]

It was the bounce email that googlegroups received back. You can log into your account and see the email that got bounced. Unfortunately, the headers give no indication that it attempted to contact my mail server, and of course there's no record of anything in my logs. This is really frustrating. So far, the only thing Amazon can come up with is use my gmail account, which is not a good solution.

Thanks for your help though!

I'll post back if I ever figure this out.